Prevent uncleared memory leaking in rw_i93.cc
Bug: 139738828
Test: manual
Change-Id: I4e330d4ad1380dbd1e695f81b8183ca8b182b114
Exempt-From-Owner-Approval: new owner approved
(cherry picked from commit d8948d4a1fbb00abecc72227a1910d94633a84e8)
diff --git a/src/nfc/tags/rw_i93.cc b/src/nfc/tags/rw_i93.cc
index 428bdae..fbd7379 100644
--- a/src/nfc/tags/rw_i93.cc
+++ b/src/nfc/tags/rw_i93.cc
@@ -2639,12 +2639,20 @@
}
/* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
- p_i93->p_update_data = (uint8_t*)GKI_getbuf(RW_I93_FORMAT_DATA_LEN);
+ /* Block size could be either 4 or 8 or 16 or 32 bytes */
+ /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
+ p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
if (!p_i93->p_update_data) {
LOG(ERROR) << StringPrintf("Cannot allocate buffer");
rw_i93_handle_error(NFC_STATUS_FAILED);
break;
+ } else if (p_i93->block_size > RW_I93_FORMAT_DATA_LEN) {
+ /* Possible leaking information from previous NFC transactions */
+ /* Clear previous values */
+ memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
+ I93_MAX_BLOCK_LENGH);
+ android_errorWriteLog(0x534e4554, "139738828");
}
p = p_i93->p_update_data;
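Review bot: The new memset runs only when `p_i93->block_size > RW_I93_FORMAT_DATA_LEN`, so on the other path the buffer from `GKI_getbuf` stays uninitialized and its safety depends on later code, outside this hunk, overwriting every byte that is sent to the tag. Clearing unconditionally right after the NULL check, `memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL, I93_MAX_BLOCK_LENGH);`, removes that dependency at negligible cost. The hunk also does not show `block_size` being checked against `I93_MAX_BLOCK_LENGH`; if the value is derived from the tag's response, it is worth confirming that a bound check exists before the buffer is used. As written, `android_errorWriteLog` fires for every tag whose block size exceeds the format data length, which may include legitimate tags and so add noise to that log. The enclosing case body starts and ends outside the hunk.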